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DETAILED ACTION 

1 . Claims 1 , 13-15, and 17-21 have been examined. 

Claim Rejections - 35 USC §103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

3. Claims 1, 13-15, and 17-21 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Griffin et al. U.S. Pat. No. 5249294 (hereinafter Griffin) in view of Kocher et al. U.S. Pub. 
No. 20020124178 (hereinafter Kocher). 

4. As per claim 1 , Griffin discloses a method for securing a computer system which 
comprises at least a code execution module (Griffin: figure 1 : CPU) and memory capacities 
(Griffin: figure 1: ROM 18 and RAM 24) for storing interpreted code (Griffin: figure 1: Routines 
n-1 . . .n) having measurable physical imprints (Griffin: column 1 lines 30-34: external observable 
event. . .change of voltage or current) wherein in order to make more difficult attacks based on 
physical measurements or requiring synchronization with said interpreted code (Griffin: column 

1 lines 15-20: clock attack/differential power analysis attack), the method comprises the steps of: 

providing at least two different implementations (Griffin: column 1 lines 46-49: 
randomly varying duration of predetermined routine creates different implementation) for at least 
one instruction of said interpreted code (Griffin: figure 1 : predetermined routine comprises 
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routines n-1, n, n+1, etc), said different implementations each requiring a different execution 
time and/or having a different physical imprint (Griffin: column 1 lines 46-49: randomizing the 
duration of program executions to change the power fluctuation) while providing an identical 
result (Griffin: column 1 line 47: randomizing duration of execution does not result in change of 
result); 

selecting one of said different implementations to be executed before each execution of 
said instruction (Griffin: column 1 lines 61-62: assembling m of n interim subroutines through 
random selection to be included in one implementation of predetermined routine/interpreted 
code); and 

executing the determined different implementation (Griffin: column 1 lines 55-50: 
executing the determined implementation). 

Griffin discloses executing routines/instructions by a processor (Griffin: figure 1 : 
routines/interpreted code). Griffin does not explicitly the system comprises a code interpretation 
module. However, Kocher discloses a method of minimizing the effect of differential power 
analysis attack on a system that runs interpreted code (Kocher: [0058] line 20: running 
interpreted code as Java requires interpreting module on system). It would have been obvious to 
one having ordinary skill in the art to have a code interpretation module on a microprocessor 
system such as smartcard because it is well known in the art to execute instructions (machine 
code) that are interpreted from high-level language and both prior art disclose a microprocessor 
that protects data from differential power analysis attack by introducing additional instructions. 
Therefore, it would have been obvious to one having ordinary skill in the art at the time of 
applicant's invention to combine the teachings of Kocher within the system of Griffin because 
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code interpretation module allows different high-level language programs to be executed in a 
single platform. 

5. As per claim 13, Griffin as modified discloses the method according to claim 1 . Griffin as 
modified further discloses the method comprising: 

a first mode for introducing a plurality of implementations of certain instructions 
consisting of enriching the set of instructions recognized by the interpreter with a plurality of 
implementations for a given instruction (Griffin: column 61-64: assembling interim routines to 
be included for program execution; column 3 lines 37-39: assembling interim routines enriches 
the set of instructions by embedding instructions into the interim routines). 

6. As per claim 14, Griffin as modified discloses the method according to claim 1 . Griffin as 
modified further discloses the method comprising: 

a second mode for introducing the aforesaid plurality of implementations of certain 
instructions consisting of comprising in the actual implementation of the instruction, a branching 
to a portion of at least one alternative code with a variable physical imprint or duration, which 
dynamically determines the implementation to be executed (Griffin: figure 4 and column 6 lines 
44-45: branch to interim routines; column 7 lines 4-14: the CPU executes interim routines 
randomly by following pointers to dynamically execute interim routines). 

7. As per claim 15, Griffin as modified discloses the method of claim 14. Griffin as 
modified further discloses the method comprising: 
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a first mode for realizing the aforesaid alternative code consisting of proposing a plurality 
of different implementations of the instruction (Griffin: column 1 lines 61-64: randomly 
selecting and assembling m of n routines) and by conditioning the choice of the executed version 
to a dynamical test depending on data known at execution (Griffin: column 2 lines 31-33: 
monitoring the interim routines to detect whether the routines are tampered with). 

8. As per claim 17, Griffin as modified discloses the method of claim 15. Griffin as 
modified further discloses the method comprising: 

a second mode for realizing the aforesaid "alternative code" consisting of improving the 
aforesaid first mode for realizing "alternative codes" consisting of replacing the test for deciding 
on the selected version with a branching in an indirection table containing the addresses of the 
available version at an index calculated for variable items (Griffin: figure 4: the CPU uses table 
of pointers for interim routine to branch to respective interim routines selected; column 6 lines 4- 
12: the pointers allows the CPU to branch to respective randomly selected interim routines). 

9. As per claim 18, Griffin as modified discloses the method of claim 1 . Griffin as modified 
further discloses the method being implemented on a module for interpreting software code, a 
so-called virtual machine (Kocher: [0058] line 20: Java interpreted code requires Java virtual 
machine in order to be compiled). Same rationale applies as in claim 1. 
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10. As per claim 19, Griffin as modified discloses the method of claim 18. Griffin as 
modified further discloses wherein said virtual machine is a Java platform (Kocher: [0058] line 
20: Java platform). 

11. As per claim 20, Griffin as modified discloses the method of claim 1 . Griffin as modified 
further discloses the method being implemented on a module for interpreting physical code 
(Griffin: figure 1: the CPU executes the routines, which are low-level machine codes). 

12. As per claim 21. Griffin as modified discloses the method of claim 1. Griffin as modified 
further discloses the method being implemented on an embedded system and on an interpretation 
module of the microcontroller or microprocessor type (Griffin: figure 1 and column 3 line 5: 
secure microprocessor; Kocher: figure 2: smartcard microprocessor). 

Response to Arguments 

13. Applicant's arguments filed on 6/6/08 have been fully considered but they are not 
persuasive. 

Regarding applicant's remarks, applicant mainly argues that the prior art of record does 
not explicitly disclose multiplicity of implementations of instructions. However, the examiner 
disagrees. Based on broadest reasonable interpretation, the examiner has interpreted the interim 
codes introduced during each execution of codes taught by Rose as multiplicity of 
implementations of instructions (Rose: column 2 lines 55-58). Although the implementations as 
described in the specification might be distinct from the implementation taught by Rose, the 
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claims are not written to clearly distinguish this application from the prior art of record. In 
addition, 

The arguments made by applicant appear to be construed in light of the specification. 
Based on the terms "implementations", "different execution time" and/or "physical imprint", 
although the specific implementations taught by this application might be distinct from prior art, 
it is not unreasonable to rely on Rose's disclosure of introducing interim codes during each 
execution because the purpose of introducing interim codes is to vary execution time and 
physical imprints to protect system from differential power analysis attack. Therefore, applicant's 
argument is traversed in light of the above explanation. 

Conclusion 

14. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 
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15. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shin-Hon Chen whose telephone number is (571) 272-3789. The 
examiner can normally be reached on Monday through Friday 8:30am to 5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Shin-Hon Chen/ Shin-Hon Chen 

Examiner, Art Unit 2131 Examiner 

Art Unit 2131 



